Stonefly

Threat Actor updated 23 days ago (2024-11-29T14:19:29.058Z)
Download STIX
Preview STIX
Stonefly, also known as Andariel, Silent Chollima, Onyx Sleet, and APT45, is a threat actor group that has been active since at least 2015 and is believed to be linked to the North Korean government. The group has been involved in various attacks, including ransomware campaigns against Healthcare and Public Health (HPH) sector organizations in the US since May 2021. Notably, Stonefly used the Maui ransomware in these attacks to fund their activities. Furthermore, Stonefly intensified its financial attacks on U.S. companies, exploiting vulnerabilities like Log4j and deploying malware families such as DTRack and MagicRat. The group's activities escalated in the middle of last year when it actively exploited the Log4j vulnerability. Despite an indictment from the U.S. Department of Justice, Stonefly continued its financially motivated cyberattacks against U.S. organizations. The group specializes in targeting organizations holding classified or sensitive information, and in several instances, deployed its custom malware Backdoor.Preft (aka Dtrack, Valefor). In August, Stonefly launched assaults on three organizations in the U.S., even though the ransomware was never deployed, the group managed to infiltrate with multiple tools from its kit before being thwarted. Stonefly has previously targeted hospitals and other healthcare providers during the pandemic, drawing the attention of the Department of Justice. It is also known for targeting high-value espionage targets like U.S. Air Force bases, NASA Office of Inspector General, and government organizations in China, South Korea, and Taiwan. In July 2024, a member of Stonefly was indicted by U.S. authorities for his role in extorting hospitals and other institutions. Despite this, Stonefly continues its operations, flaunting the indictment and a $10 million bounty from the U.S. Department of Justice, indicating a sustained attempt to mount extortion attacks against organizations in the U.S.
Description last updated: 2024-10-17T12:33:58.642Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Andariel is a possible alias for Stonefly. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som
4
Silent Chollima is a possible alias for Stonefly. Silent Chollima, also known as Stonefly or APT45, is a threat actor with links to North Korea's foreign intelligence agency, the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau. The group has been active since at least 2015, when it began shifting its objectives. Silent Chol
4
Apt45 is a possible alias for Stonefly. APT45, also known as Andariel, Onyx Sleet, and Silent Chollima, is a North Korean threat actor associated with the Reconnaissance General Bureau, a military intelligence agency. This group has been operational since at least 2009, making it one of North Korea's longest-running cyber operators. Their
2
Dtrack is a possible alias for Stonefly. DTrack is a malicious software (malware) known for its data theft capabilities. It was first associated with North Korean threat groups and has been used in numerous cyber attacks globally. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it collect
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Ransomware
Malware
State Sponso...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Stonefly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more